Snynet Solution Logo
MON - SUN: 10 AM - 6 PM
+60 11 5624 8319


22 Apr 2022

REvil Tor sites have come back to life

The Tor sites of the infamous REvil ransomware group have suddenly come back online following months of inactivity.

While the group took down all of its websites and essentially shut down its operations back in September of 2021 before being dismantled by Russia’s FSB at the beginning of this year, its sites on Tor now redirect to a new ransomware operation that launched only recently.

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/£10.99.

At this time, it is still unclear as to who or which group is behind this new operation but the new leak site contains a lengthy list of past REvil victims as well as two new ones.

According to BleepingComputer, security researchers pancak3 and Soufiane Tahiri recently spotted ads promoting the new REvil leak site on the Russian online hacking forum RuTOR. Despite the fact that the new site is hosted on a different domain, it still leads to the original one REvil used during its heyday.

Who’s running the new leak site?

As cybercriminals have started employing a Ransomware-as-a-Service (RaaS) model, the new leak site explains that affiliates get an improved version of the REvil ransomware as well as a 80/20 split of all of the ransom payments collected.

When it comes to victims, the site features a 26-page list and while most of them are from previous attacks, the last two appear to be related to this new operation and one of which includes Oil India.

In November of last year when REvil’s data leak and payment sites were still under the control of the FBI, both sites showed a page with the title “REvil is bad” alongside a login form. Even though law enforcement seized the ransomware group’s sites, these redirects suggest that someone else has access to the Tor private keys that made it possible for them to make changes to the group’s .Onion site.

Users on a popular Russian-speaking hacking forum have begun discussing whether the new leak site is a scam, a honeypot set up by the authorities or a legitimate continuation of REvil’s prior business. To make matters more confusing, there are currently multiple ransomware operations that are using REvil’s encryptors or are outright impersonating the original group.

Once security researchers take a closer look at the new leak site, we may finally have some answers regarding whether or not the REvil ransomware group has magically come back from the dead.

Via BleepingComputer

22 Apr 2022

Move over Pip-Boy! Fallout fan turns a plastic mini-nuke into a tiny gaming PC

One Fallout fan, well known for his collection of merchandise from the franchise, has created a truly unique PC from an already unique piece of memorabilia.

The Fallout Collector transformed a 'mini-nuke' model – which came with the Fallout Anthology limited edition back in 2015 – into a functional PC, but unlike the heavily modified build from Linus Tech Tips this build instead is based on budget PC designs. 


♬ original sound - Spencer

As PC Gamer explains, The Fallout Collector used a NUC, a small form factor PC by Intel, as the base and outfitted it with a compact motherboard. The bottom of the mini-nuke was used to house the power supply, with holes made in the sides for I/O ports. 

There’s also a fan in the nose of the mini-nuke, with additional holes drilled into the top to allow for sufficient airflow and the sound effect button has been repurposed as the power button .

While the Fallout Collector is having issues running Fallout 3, both Fallout: New Vegas and Skyrim run at a stable 30 FPS, and the original 2D entries in the franchise have no problems at all. Considering that the PC is running on a sixth-gen i3 system, this is definitely one of the coolest PC builds we've seen to date.

Analysis: ok, so maybe budget PC gaming isn't dead?

Unfortunately, the best budget gaming PC you can get nowadays is pretty much limited to what you can buy prebuilt, since so many of the essential components for a really good gaming PC build are hard to find or more expensive than they've been in the past.

That's one of the things we love most about this Fallout mini-nuke build. It doesn't go all in on high-end components that no one can really buy, and possibly the hardest thing about recreating this kind of build is finding a discontinued sixth-gen chip.

And while we can't see a graphics card being added to the mix on this build, Intel NUCs are starting to incorporate low-rise graphics cards in them, so they could serve as a good base for budget gaming rigs in the future.

21 Apr 2022

Windows 11 update will wave goodbye to insecure file-sharing

Sharing files on Windows 11 will soon be even more secure as Microsoft has announced its plans to finally disable the SMB1 protocol in all editions of its operating system.

For those unfamiliar, the Server Message Block (SMB) protocol was originally developed by IBM back in the 1980s to make it easier to share access to files, printers and other resources on a network. SMB1 meanwhile is a dialect of the protocol that was also created by IBM for file sharing in DOS.

In a new blog post, principal program manager in the Windows Server engineering group, Ned Pyle explained that Windows Insiders on the Dev Channel will be the first to see SMB1 disabled by default for all Windows 11 editions. 

This makes a great deal of sense as Microsoft has shipped both Windows 10 and Windows Server without SMB1 installed since the release of the Fall Creators Update back in 2017. Now though, this will extend to all versions of Windows 11 which will no longer have the insecure file sharing protocol enabled.

Still available as an unsupported install package

Although SMB1 is an insecure protocol, it’s still used today to connect to older NAS devices on Windows PCs.

While the protocol will no longer be enabled by default in Windows 11 going forward, the change won’t affect in-place upgrades of machines where end users are already using SMB1. Microsoft also plans to remove the SMB1 binaries in a future release.

As for businesses that still need to use SMB1 to connect to older devices such as factory machinery and medical gear, the software giant will provide an out-of-band unsupported install package.

In his post, Nyle warned that Microsoft’s plans regarding SMB1 could create pain points for consumers that are still running older hardware who will likely be confused as to why their new business laptop running Windows 11 can’t connect to their aging networked hard drive.

Via The Register

21 Apr 2022

Millions of Android users at risk of attack after widespread security issue uncovered

Almost all Android smartphones could be vulnerable to remote code execution as a result of vulnerabilities discovered in the audio decoders of Qualcomm and MediaTek chips.

The discovery of these vulnerabilities was made by Check Point Research (CPR) and if left unpatched, an attacker could exploit them to remotely gain access to a device’s camera and microphone by using a malformed audio file. At the same time, an unprivileged Android app could leverage these vulnerabilities to escalate its privileges in order to spy on a user’s media data and listen in on their conversations.

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/£10.99.

Since most Android devices are powered by either Qualcomm or MediaTek chips, the impact of these vulnerabilities is wide reaching but thankfully, CPR responsibly disclosed its findings to both chipmakers who have since issued fixes.

Check Point security researcher Slava Makkaveev provided further insight on the firm’s findings regarding these high and critical severity vulnerabilities in a press release, saying:

"We've discovered a set of vulnerabilities that could be used for remote execution and privilege escalation on two-thirds of the world's mobile devices. The vulnerabilities were easily exploitable. A threat actor could have sent a song (media file) and when played by a potential victim, it could have injected code in the privileged media service. The threat actor could have seen what the mobile phone user sees on their phone. In our proof of concept, we were able to steal the phone's camera stream. What is the most sensitive information on your phone? I think it's your media: audio and videos. An attacker could have stolen that through these vulnerabilities.”

Vulnerable audio decoders

The vulnerabilities themselves were found in Apple Lossless Audio Codec (ALAC) which is also known as Apple Lossless.

First introduced back in 2004 for lossless data compression of digital music, at the end of 2011 Apple made ALAC open source and the format is now embedded in many non-Apple audio playback devices and programs including Android smartphones as well as Linux and Windows media players and converters.

While Apple has updated the proprietary version of its decoder by fixing and patching security issues several times, the shared code in the open source version of ALAC has not been patched since 2011. CPR discovered that Qualcomm and MediaTek ported the vulnerable ALAC code into their own audio decoders which is why so many Android smartphones are now at risk.

CPR responsibly disclosed its findings to both chipmakers last year and they in turn released patches to fix all of their vulnerable audio decoders back in December. To avoid falling victim to any potential attacks though, you should make sure that your Android device has been updated with all of the latest patches.

21 Apr 2022

Elon Musk has the money to buy Twitter - now what?

Elon Musk now has the funds to buy Twitter outright.

The Tesla and SpaceX CEO is hellbent on adding another notch to his entrepreneurial belt, making a cash offer of $46.5 billion for the remaining Twitter shares he doesn't own.

Musk laid out his new plan in a Thursday filing with the US Securities and Exchange Commission. The tender offer, which would pay shareholders $54.20 per share, comes after Twitter's Board refused an earlier $43 billion acquisition offer and invoked a so-called "poison pill" plan. That plan would've allowed remaining shareholders to buy new shares at a discount if anyone, like Musk, bought more than 15% of all shares of the company.

Now, however, Twitter is facing a much more aggressive acquisition play and billions more than Musk's original offer.

No word on how Twitter plans to respond, but the possibility of Elon Musk owning Twitter is turning toward reality.

See more

What does that mean?

Musk has repeatedly complained about censorship on the platform and will likely seek a rewrite of Twitter's terms of service to achieve what he views as a more balanced approach toward both sides of a debate.

He might also seek to open-source Twitter's code for the sake of transparency. That might lead to a flood of third-party services tapping into Twitters' data stream to launch new plugins and, likely, competing services.

There is a chance that Musk could bring back banned users like former President Donald Trump, though he has never explicitly stated that intention.

As for Twitter's roughly 300M members (reportedly only 206 million are monetizable, monthly active members), a segment of them might leave the service in protest. Still, others might join because they believe Musk's Twitter will handle extreme voices (left and right) differently than previous leadership.

Musk has the support of Twitter founder and former CEO Jack Dorsey, at least Musk did when he was simply trying to have a say in the board room. Shortly after Musk first purchased almost 10% of Twitter shares, he was invited to join the board. Dorsey lauded the move and said Musk and current Twitter CEO Parag Agrawal would make a great team.

before Musk could even start, he backed out and then returned with his first acquisition offer.

In the meantime, Twitter has done what it can to encourage other offers, though none of any significance has materialized. That leaves Musk and his huge bag of cash. Even if the board wants to say "no," it's an offer shareholders may find hard to refuse.

Maybe it's time to get ready for Musk Twitter.

21 Apr 2022

Google claps back at Brave, DuckDuckGo over latest privacy debate

Google has hit out at Brave and DuckDuckGo over recent service updates designed to undermine the divisive AMP initiative.

Earlier this week, the two privacy software vendors announced new browser functionality that allows users to bypass AMP, which they say is harmful to privacy and the economics of the web. However, Google has now moved to dismiss these criticisms.

“These allegations are misleading, conflate a number of different web projects and standards, and repeat a number of false claims,” said a Google spokesperson, in an email exchange with TechRadar Pro.

Google AMP

Rolled out in 2015, AMP (short for accelerated mobile pages) is a system whereby stripped-back versions of trending web pages are preloaded and served up via Google servers.

When AMP was first announced, Google said it believed the system would help ensure rich web content such as video and animation would load rapidly and behave consistently across all platforms, thereby improving the web experience.

However, the scheme has come under criticism from publishers and privacy advocates alike, who say AMP gives Google yet more signals to gobble up in support of its digital advertising business, creates confusion as to the source of information and forces publishers to build their websites to Google’s desired spec.

This week, Brave also called into question the benefits of AMP from a user experience perspective, going so far as to say that “AMP is bad for performance and usability”, an accusation that appears to have caused particular irritation at Google.

“AMP is an open source framework that was collaboratively developed with publishers, tech companies, and Google as a way to help web content load faster– at the time it was created, it took 19 seconds on average to load a mobile webpage on a 3G connection,” the Google spokesperson told us.

“Today, AMP continues to be a helpful way for websites and publishers – especially those without large development teams – to easily create great web experiences.”

The debate over AMP is unlikely to be settled any time soon, however, with a second-generation system now in the works, informally known as AMP 2.0.

In the opinion of Brave, this new system has the potential to be “even worse”, allowing “more of the web to be served from Google’s servers, and in ways that give users less control over how they interact with that content”.

21 Apr 2022

Google Meet gets new co-hosting options to help keep your meetings under control

With video calls showing no signs of disappearing any time soon, Google has announced new co-hosting options for its video conferencing software. 

Users will now be able to set up Google Meet breakout rooms in advance of their meetings via Google Calendar, which allow moderators to divide participants into smaller groups during video calls.

Google said it hopes the new features will allow meetings to flow more smoothly, as in addition, users will now be able to turn meeting safety features on or off ahead of their catch-ups, including chat lock and present lock, and designate co-hosts before the meeting. 

Google Meet co-hosting

Admins who want to learn more about managing Google Meet safety settings and host management can visit Google’s help center.

To configure host control and co-host options when scheduling a meeting in Google Calendar end-users will need to select: “Add Google Meet video conferencing”, followed by “Video call options” (gear icon), and “Host controls or Co-hosts”.

The product is set for a gradual rollout, which will allow up to 15 days for full feature visibility, starting on April 20, 2022.

Google has been making frequent updates to Google Meet.

Google recently added a new settings panel to the Meet, which allows users to quickly access effects such as background blur, background images and styles before and during a video call.

Meet has also received a "leave empty call reminder", which prompts users to leave a meeting if they're the only one to join a call, potentially ending any awkward interactions. 

21 Apr 2022

Your Zoom calls may soon get a lot more physical

Getting noticed on a Zoom call could soon be a lot easier thanks to a new update coming to the service.

The video conferencing platform has announced it is bringing gesture recognition to its desktop versions of Zoom, giving users a much easier way to capture attention.

Currently, only two gestures will be supported, but they're pretty important ones - Thumbs Up and Raise Hand - so you should be able to get the spotlight with ease.

Two thumbs up

Gesture recognition had been present in some versions of Zoom for a little while, namely the company's iPad and iPhone apps, but this marks the first time the feature will be available on its desktop apps.

Performing one of the two included gestures will display the relevant emoji in the meeting itself, giving a useful way to respond or react if you're in a particularly loud or crowded place.

Users will need version 5.10.3 or more recent to utilize gesture recognition, which can be enabled at the account, group, or user level - although it is disabled at the client level by default.

Zoom Whiteboard

(Image credit: Zoom)

In addition, the company has also announced the launch of Zoom Whiteboard in a bid to help boost online collaboration. The "completely rebuilt" online whiteboard experience is described as, "a persistent, expandable, digital canvas", offering shapes, connectors, sticky notes, adding images, and more features.

The company says the upgraded Zoom Whiteboard makes it easier to replicate the spirit of in-office collaboration among remote teams, across use cases as varied as education, training and project management.

Elsewhere, Zoom has also introduced a host of new upgrades and updates as it looks to keep pace with its rivals. 

This includes increased visibility of breakout room activities or hosts, the ability to create a central library of polls for meetings, and requiring users with a work email login who do not have two-factor authentication to enter a one-time password when Zoom detects a suspicious login.

21 Apr 2022

Microsoft Defender error is giving Google Chrome users a serious fright

Several recent Google Chrome updates have been flagged as potentially harmful by Microsoft's in-built antivirus and endpoint protection service, reports have claimed.

A number of Windows system admin reports have shown that Microsoft Defender for Endpoint has been tagging browser updates delivered via the Google Update service as suspicious.

The activity is thought to be down to a false positive issue, but it's another possible headache for both Microsoft and Google as they try and disseminate their wares to as wide an audience as possible.

False positive

The Windows reports, seen by BleepingComputer, show that affected users were shown an alert concerning a possible "multi-stage incident involving Execution & Defense evasion".

However, Microsoft says it has investigated the issue and found it to be a false alarm caused not by any criminal activity, but a clash of alerts.

"Admins may receive a false positive alert for Google Update on Microsoft Defender for Endpoint monitored devices," Microsoft said. The company later revealed it had fixed the issue after around one and a half hours, with customers now able to fully use Microsoft Defender for Endpoint again.

The news is the second such incident involving Microsoft Defender and false positive alerts within the past few months.

In March 2022, a similar incident saw some Microsoft Office updates flagged as ransomware threats by Defender for Endpoint. Microsoft was again quick to investigate the issue, confirming it was again a false alarm.

In early December 2021, Defender also prevented users from opening some Office files and launching various applications, triggering false positives related to Emotet malware.

Several serious security issues have affected Google Chrome in recent months, including a raft of zero-days. Most recently, the company released Chrome 99.0.4844.84 for Windows, Mac, and Linux to fix a high severity zero-day vulnerability that allows for remote code execution.

Zero-day threats have become a major concern for businesses and end-users alike, with Google's in-house security team recently noting that the number of issues reached a record high in 2021.

Via BleepingComputer

21 Apr 2022

TSMC takes a swing at Intel over 'futile' US expansion plans

The founder of Taiwanese chip foundry TSMC has described attempts to ramp up manufacturing capacity in the United States as an “exercise in futility”.

Speaking at an event hosted by the Brookings Institution, Morris Chang said he believes the conditions of the US economy and labor market are not conducive to success in the context of semiconductor fabrication.

Specifically, he cited the dearth of manufacturing talent in the country, which has long prioritized alternative skill sets, as well as the cost of producing chips in the US, which Chang says is 50% higher than in Taiwan.

Intel in the US

Over the last couple of years, the US has become increasingly determined to onshore a larger proportion of semiconductor manufacturing, driven by the ongoing chip shortage, supply chain disruption, and the aggressive stance of China towards Taiwan.

To assist with this push, the Biden administration has pledged billions of dollars in subsidies, much of which will go to Intel, one of only a handful of companies capable of manufacturing advanced processors.

In early 2021, Intel made public a reworking of its integrated device manufacturing (IDM) strategy, which the company called IDM 2.0. The objective is to position Intel at the bleeding edge of chip design and manufacturing, and capitalize on new revenue streams during a period of unprecedented demand. Inevitably, these plans will require significant investment.

In January, the company revealed it would splash $20 billion on a state-of-the-art manufacturing campus in Ohio. This 1,000 acre “mega-site” will house up to eight separate fabs, which would make it one of the largest facilities in the world.

To further bolster US manufacturing capacity, Intel also announced it will funnel a further $3 billion into an extension for its D1X factory in Oregon. The expansion will apparently pave the way for next-generation technologies that will underpin new chips for personal and business computers, 5G networks, cloud servers and more.

Thinly-veiled criticism

In light of the billions Intel is currently sinking into projects on US soil, Chang’s comments can be read as thinly-veiled criticism of the rival manufacturer’s strategy.

Based on TSMC’s experience in the country over the last two decades, Chang expects Intel to struggle to staff its new US facilities, and says “it will be hard for the US to compete internationally” as a result of pricing constraints.

Essentially, he believes the US has gambled on war between China and Taiwan, which would bring about the only scenario in which the current level of investment in US chip manufacturing would make business sense.

However, if such a war does not materialize, Chang believes the Biden administration (and by extension, Intel) will be left significantly out of pocket with little to show for it.

21 Apr 2022

Microsoft wants to give your SMB free one-on-one tech advice

Microsoft is launching a one-on-one consulting service it says will help UK small businesses meet their technology needs.

The business consultation service will be run by Microsoft product specialists at the Microsoft Experience Center in London.

The announcement comes hot on the heels of a recent price hike to Office 365 described by the tech giant as the first “substantive Office 365 pricing update” since the launch of its productivity suite just over a decade ago. 

What’s in it for small organizations?

UK-based small organizations looking to benefit from the new scheme can visit Microsoft’s business consultation website and book in a one-on-one appointment.

These organizations will be able to connect online with a product specialist via video, chat, or audio call, who Microsoft say will be able to listen to their needs, answer questions, and provide personalized solutions.

In addition, these organizations will also be able to have an in-person consultation at the Microsoft Experience Center during opening hours, without booking an appointment first.

Microsoft says that after finding the appropriate business solutions during the consultation, it will help these organizations through the setup and deployment process.

Consultations with Microsoft are available between 9am and 6pm, Monday to Friday, and will last up to an hour, though follow-up calls can be booked with the same product expert.

Users will be able create a reservation on behalf of someone else, but the account holder must be 18 years or older and be on the consultation call in order to continue with the reservation.

Microsoft has also partnered with InSignLanguage to provide British Sign Language interpreters for these consultations in Microsoft Teams, while captions can also be turned on during the conversation.

“We recognize that organizations across the UK may need more personalized support as we emerge from the COVID-19 pandemic and ways of working change,” said Joy Attuh, Senior Hub Manager at Microsoft UK. “The free Business Consultation service can help with digital transformation plans by deploying cloud-based technology tools and services such as Microsoft 365 and Dynamics to empower employees and unlock growth.”

“Microsoft will be there every step of the way to answer questions and guide customers to find the solutions they need.”

21 Apr 2022

Google wants to help you avoid bad Chrome extensions

Google Chrome is widely regarded as one of the best browsers around – but this popularity often comes with some risk, as criminals look to target its huge user base.

In its latest update, the company is attempting to help users decipher which Google Chrome extensions are legitimate and which ones to avoid through new Chrome Web Store badges. 

Google says there will be two types of badges: Featured, given to extensions that "follow our technical best practices and meet a high standard of user experience and design"; and Established Publisher, for those "who have verified their identity and demonstrated compliance with the developer program policies." 

Chrome web store badges

(Image credit: Google)

The goal is to give users an easier way to see whether an extension is really what it says it is without having to look through the reviews or search the web - hopefully helping users avoid malware and other security threats. 

Google says the overall process for awarding the badges will be manual – hopefully helping cut down on bad actors gaming the system – and will be based on whether the extension complies with the latest APIs, offers an "enjoyable and intuitive experience", and other factors. 

Extensions can be dangerous 

It feels like every month (or maybe every two) we get a new story about a bad Chrome extension that abused its privileges to infect a person's computer or some other dastardly scheme. 

A recent example was The Great Suspender, a popular extension that forced excess tabs to sleep to save resources, that was delisted by Google (and even uninstalled for users) for containing malware. 

The openness of the Chrome Web Store means that pretty much anyone can get in and given the sheer popularity of Chrome, which has a 90%-plus market share, bad extensions are a serious opsec risk. 

21 Apr 2022

Amazon Prime shipping delivery is now available to all merchants

Amazon is looking to expand its next-day delivery service with the launch of Buy with Prime, a new service that competes directly with FedEx and UPS for delivery supremacy as the e-commerce wars heat up. 

"Buy with Prime is a new way to extend Prime shopping benefits—including fast, free shipping, a seamless checkout experience, and free returns—to merchants’ own online stores, ultimately increasing selection for Prime members," the company said in a blog post announcing the news.

"Participating merchants will display the Prime logo and expected delivery date on eligible products in their own online store, offer a simple, convenient checkout experience using Amazon Pay, and leverage Amazon’s fulfillment network to deliver orders. Amazon will also manage free returns for eligible orders."

Buy with Prime

The launch could be seismic in its effect, as it stands, anyone wanting to get the benefits of the Prime brand need to host stock in Amazon's warehouses. Loosening those rules means that Amazon's mark will be on even more orders and transactions.  

Buy with Prime will cost sellers an additional fee and pricing will vary based on a number of factors, such as payment processing, fulfilment, and storage costs. 

Initially, the service will be available to those who use Fulfillment by Amazon (FBA) – where merchants pay to store items in Amazon's warehouses and Amazon handles the shipping – but the plan is to expand over time. 

Amazon conquers all 

FedEx, UPS, and the USPS must be looking at this news with concern. 

Amazon is already a behemoth, dominating the e-commerce space in America, a position that was cemented over the pandemic when shopping moved online. 

While spending trends show that physical retail is on the up, Amazon facilitating much of the backroom heavy lifting that goes into e-commerce expands the company's moat even further. 

Buy with Prime is limited at launch – by design – but the inevitable expansion over the coming years, bringing more and more direct-to-consumer stores into Amazon's reach, will only strengthen the company. 

When you add in AWS, which consistently provides huge amounts of free cash for Amazon to invest elsewhere, Buy with Prime has huge potential to help Amazon dominated US online retail for good. 

21 Apr 2022

Sega just ensured that I won't be playing Sonic Origins

Sonic Origins, a remaster of four classic Sonic games, will be released on June 23 across all platforms, but Sega's choice to include the controversial Devuvo DRM for the PC version of the game is likely to rustle some feathers.

For those who are unaware, Denuvo is an anti-piracy digital rights management (DRM) solution for game developers that can be integrated into PC games in order to make it more difficult to copy and then redistribute them. This isn't something that's downloaded in addition to games, but rather included within the game code itself, which makes removing it from your system almost impossible.

It's natural that game developers would want to avoid piracy, but gamers have expressed concerns over the DRM's impact on performance. A YouTuber called Overlord Gaming even has a series documenting performance benchmarks with and without Denuvo, created by taking advantage of situations where developers have willingly removed it from game files.

One such video comparing titles such as Death Stranding and the Resident Evil 2 remake notes that screen-loading times and frame rates were affected consistently. There's a lot of data to sift through, but the main menu for Death Stranding took 35 seconds with Denuvo, versus just 16 seconds when the DRM had been removed. The numbers may be low, but that's still an increase of almost 55%.

Denuvo claims that its website that the DRM has no negative impact on game performance, stating "Since only performance non-critical game functions are used in the Anti-Tamper process, Anti-Tamper has no perceptible effect on game performance nor is Anti-Tamper to blame for any game crashes of genuine executables."

Collecting rings while jumping through hoops

Still, many gamers are wary when they see the Denuvo name appearing alongside anticipated launches, and not just because of performance issues. Another issue that people have with a lot of DRM like Devolo is that they create additional work for you to simply play the games you rightfully purchased. 

Activation data is saved on your PC during installation that's based on unique data extracted from your hardware and Steam profile, which then needs to be checked before you run your game. This means you need to be able to connect to those servers to launch, so you need an active internet connection, even if you want to play an offline, single-player game.  

It should be noted that Denuvo only connects to those servers periodically, so you can play offline for a duration. User reports across Steam and Reddit appear to place the timeframe of authentication at two weeks, after which the game will need to connect to activation servers again. If your system is unable to connect to the internet during this time, you'll be locked out of the game until you regain connection.

There's also the frustration that DRMs like Denuvo have a life expectancy. No game can ever fully escape piracy, with DRMs simply prolonging the inevitable. Games that don't launch with a DRM or anti-piracy protections can be cracked at launch, so despite Denuvo having varied success with how long it can prevent game files from being distributed, this is still valuable for developers who want to see as many consumers buy their game at launch as possible.

However, this does mean that DRMs quickly become irrelevant the moment that the games they're trying to protect are cracked, and it's not guaranteed that the feature will be removed post-launch when it no longer serves a purpose. 

Ubisoft for example, still has Denuvo running in the code of many of its older games and, to my knowledge, has never removed it. Given that Assassin’s Creed: Origins wasn’t cracked until 99 days after launch (which is EONS in gaming piracy), I can see why the developer would view DRMs in such a favorable light.

Does Denuvo cause purchase delays?

There's no guarantee that Sonic: Origins will have issues caused by the controversial DRM, but fans are rightfully concerned given its history with previous launches in the Sonic franchise. Sonic Mania experienced issues with offline play during its Steam launch caused by... you guessed it, Denuvo.

Negative customer experiences with Denuvo and other recognizable DRM service providers have resulted in some consumers avoiding games at launch entirely if anti-piracy protection is involved. I certainly fall into this camp myself, and it resulted in me not only playing games I already needed to get through in my Steam library, but also picking up games at a later date in the sale when the offending DRM has been removed.

It would be easy to paint those who oppose DRM's as pirates themselves, but with so many legitimate concerns outside of game cracking or retro preservation, this clearly isn't the case.

If that wasn't enough salt in the wounds for fans of the Sonic franchise, the Sonic Origins website shows some content will only be available through additional DLC. To unlock everything, you’ll need to buy three expansions: the Premium Fun Pack, Classic Music Pack, and Start Dash Pack. We don't know how much these will cost individually, but the Digital Deluxe Edition of the game, which includes both expansions, costs an extra $44.99 / £36.98 – pricing the additional content around $5.

It's frustrating to see DRMs included in highly-anticipated launch titles, but I can at least understand why developers love using them. The 99 days taken to crack Assassin’s Creed: Origins likely made Ubisoft a fat stack of cash it would have otherwise lost to piracy, after all. But I still can't forget the frustrations I've experienced trying to play a single-player, offline game remotely, only to be thwarted by DRMs being unable to verify my purchase due to me being offline. 

I want to feel as if I fully own the games I've purchased. Is there a better option for developers? Certainly not one that I'm aware of, but that in itself doesn't excuse how legitimate paying customers can be affected by a company's efforts to stamp out piracy for a few weeks, especially if DRMs are still included in games years after launch.

Via WCCFTech

21 Apr 2022

Citrix strikes back at Windows 365 with new desktop-as-a-service options

Citrix has updated its desktop-as-a-service (DaaS) offering, which delivers virtualized apps and desktops from the cloud to users' devices.

The refreshed solution, Citrix DaaS, is now available in hybrid cloud and hyperscaler-specific deployment options.

The news comes after Citrix competitor Microsoft recently expanded its own virtualization service with new features for hybrid working. The tech giant announced a series of updates for Windows 365 earlier this month, which enable users to switch between their local and cloud-based Windows 11 desktops with ease.

Citrix DaaS update

Citrix says the updated solution, formerly known as Citrix Virtual Apps and Desktops Service, provides remote access to apps and data for employees.

The Florida-based tech firm says the solution allows customers to store their information on a secure cloud server and to implement a zero-trust security approach to device protection, covering managed and employee-owned devices.

In addition, Citrix says the solution can help organizations scale the number of desktops they offer up or down to cater to demand from different employee types and to meet varying work needs. This includes full-time employees, contingent and seasonal workers, temporary labor, freelancers, and designers and partners.

Citrix DaaS is available in two flavors: Hybrid DaaS and DaaS for Hyperscalers.

 “Businesses want a modern and secure desktop, application, and data delivery strategy that reflects the reality of how users work and can keep up with the rapid change of business applications and devices, without amplifying the management and security burden that already weighs heavily on IT shoulders,” said Mark Bowker, Senior Analyst at the Enterprise Strategy Group.

“DaaS possesses the unique combination of attributes that appeals to businesses across industries: improved time to value, cost reduction, and enhanced security.”

The market for hybrid working solutions may continue to be a fertile one. As the pandemic recedes, only around 34% of "knowledge workers" (those who predominantly work on a computer) have made a full return to the office according to a recent survey by Slack.

In addition, the DaaS market is currently going from strength to strength; Gartner expects spending on DaaS to grow 26.6% in 2022.

21 Apr 2022

Microsoft’s greed is killing Windows 11 for me

Nothing in life really comes for free, and Windows 11 is a great example of that. While Microsoft’s latest operating system is offered as a free upgrade for many users (previous moves from older versions of Windows to newer ones would require you to pay for the privilege), behind the scenes, there are plenty of ways you end up ‘paying’ to use Windows 11.

This includes sharing increasing amounts of data with Microsoft – something that the company was forced to make clear during the setup process. Microsoft is also using Windows 11 to push you towards its own services. For example, you’re now asked to have a Microsoft account, which usually involves signing up for a Microsoft-owned email account. You’re also encouraged to use Microsoft’s OneDrive cloud storage, rather than alternatives like Google Drive or iCloud.

And this is all before you even use Windows 11 for the first time. Once you actually boot into the operating system, things get worse. Microsoft’s Edge browser is installed by default, and while it’s come a long way since it first debuted in 2015 with Windows 10, many people (myself included) prefer to use other web browsers.

However, searching for and installing a different browser in Windows 11 using Edge results in numerous popups and messages from Microsoft pleading with you to give Edge a try. It’s annoying, and a little bit cringey, to be honest.

Still, you can at least ignore those, install your web browser of choice, and make it the default – which Microsoft has at least made easier to do after pressure from users.

While annoying, it was something I didn’t mind putting up with to use Windows 11, which is ‘free’, after all. However, Microsoft has been getting increasingly desperate – and even greedy – when it comes to trying to force its services on me, and it’s making me start to dislike the operating system.

Helping itself before it helps you

A particularly egregious example of this happened the other day. I’m one of those cool kids who still prefers to use a desktop PC, and I noticed that all of a sudden, my computer was losing internet access every 20 seconds or so.

Now, as a tech journalist, this led to me overthinking the problem. My PC is connected to my modem via an Ethernet cable and powerline adapters, so my first step was to restart and reconnect the adapters, which had caused a similar issue in the past.

When the problem persisted, I looked to disable then re-enable my network adapter in Windows 11. In previous versions of Windows, this was a pretty straightforward process, but Microsoft has now buried the option under several different settings screens – another annoying feature of Windows 11.

I then decided to try the built-in network troubleshooting tool. Again, in previous versions of Windows, this was easy to find, and as part of the troubleshooting process the operating system would disable then enable the network adapter, which has fixed similar issues in the past.

Using the Settings app, I found what I thought was something similar called ‘Troubleshooting network connection issues’. However, on clicking it, I discovered what was possibly the nadir of Microsoft’s greed when it comes to forcing its products and services on Windows 11 users.

Instead of launching the troubleshooting application like I’d hoped, Edge opened – despite not being my default web browser. This has been an annoyance of mine for a while now, as even if you set a different web browser as your default, Microsoft will regularly ignore that and use Edge instead.

Edge then loaded up Bing – Microsoft’s pretty much unloved search engine – and searched for ‘Troubleshooting network connection issues’, which brought up a Microsoft webpage.

Now, there’s a pretty glaring issue with forcing people to search the internet for solutions to their network connection issues, and that became apparent when I tried to click the link. Rather than showing the page, Edge told me I was offline, as it coincided with a time when my PC had lost connection.

Most people who are suffering from network connection issues cannot access the internet because of those very connection issues they are trying to fix, so making them have to go online to search for an answer is pretty ridiculous.

Because my network issues were intermittent, I was able to wait until my internet connection came back, then refresh the page to see what Microsoft suggested. If my network connection issues were severe enough to prevent me from connecting to the internet at all, I’d have never got to see the page.

As it turns out, that wouldn’t have been an issue, really, as the webpage was pretty useless, offering just vague suggestions that mainly centered around Wi-Fi connection problems – so nothing that applied to my situation.

In the end, I figured it out myself: I got down on my hands and knees and checked behind my PC. The Ethernet cable had been pulled out slightly. Pushing it back in solved the problem.

However, this little escapade didn’t just prove that I am an overthinking idiot, but also that it feels like Microsoft cares more about helping its services and products then it does its users. The only reason for getting people to go to a Bing search via Edge for network connection troubleshooting is to make people use those products. It doesn’t help fix any issue that the user may have with their network connection.

It left me feeling annoyed by Microsoft, and far less fond of Windows 11 and the general direction the operating system is going in. Microsoft’s desire to get more people to use its services is understandable, and in some ways is the price we pay to get Windows 11 for free, but the heavy-handed way it’s going about doing this smacks of greed and a disregard for its users’ needs.

This has got to change, otherwise even when free, Windows 11 will not be worth it.

21 Apr 2022

Get your MacBooks now kids, Covid lockdowns are hitting Apple's suppliers hard

As Covid cases continue to rise in China, many major tech suppliers are having to close their factories or restrict the movement of their workers, something that might be a huge headache for Apple this year as roughly half of its Chinese suppliers are in and around the hardest hit region of the country.

A new analysis conducted by Nikkei Asia found that found half of Apple's 200 main suppliers are in or around the city of Shanghai, which is currently in the midst of a weeks-long lockdown at the direction of the Chinese government. 

Shanghai is currently struggling with one of the largest surges in Covid cases that China has seen since the start of the Covid epidemic in 2019. Under China's official "Zero Covid" policy, anyone who tests positive for Covid is forced into isolation in an effort to eliminate community transmission of the coronavirus that causes the disease.

This is worrying a lot of industry leaders and analysts, since the number of factories that have been shuttered or operated at reduced capacity could quickly exacerbate the supply chain crisis that is producing shortages and price inflation around the world.

Chinese officials aren't oblivious to this threat, and this week factories have been told they could start reopening under a closed-loop production model, where factory workers remain isolated and do not interact with the surrounding community. According to the Guardian, Tesla factory workers, for example, were reportedly told that they must sleep onsite rather than go home after their day was done.

TechRadar has reached out to Apple for comment on the situation in Shanghai and related supply chain concerns and will update this story if and when we hear back from the company.

Apple's supply chain has been resilient, but can it continue to hold up?

While Apple isn't the only major tech company impacted by the factory closings in and around Shanghai, the fact that so many of its top suppliers are there could be especially problematic.

Nikkei Asia reports that more than 70 of Apple's suppliers have factories in the neighboring Jiangsu province and most of those are in Kunshan and Suzhou, two cities that are geographically close to Shanghai. Another 30 suppliers are in Shanghai itself, and, taken together, supply everything from printed circuit boards to batteries and include major product assemblers like Pegatron.

"We think the impact is much more serious than the power outage last year as it involves a wide range of supply chain," display supplier AU Optronics chairman Paul Peng said, speaking of the enforced power consumption reductions the Chinese government directed in September 2021. "The disruption is not to a single company or industry, it's a global supply chain incident that could lead to a supply chain cutoff in the worst-case scenario."

Assuming that production restarts in Shanghai and the surrounding areas without issue – a big if, given the amount of Covid transmission in the region – it will still take time to restart production lines and get them up to running at full capacity.

What's worse is the timing of the disruption. It takes months for products like MacBooks and iPhones to be produced, tested, packaged, and shipped overseas to global markets in Europe and North America. The products that should be hitting store shelves during the November and December holiday season would typically start being made in the next several weeks. Disruption at this point in the cycle could lead to missing targets for the end of 2022.

"May and June will be crucial for many consumer electronics brand vendors," an executive at a supplier for HP said to Nikkei Asia. "If production does not ramp up in time for goods to be shipped via ocean cargo, there is a chance they could miss the Christmas holiday sales season in Europe and the U.S. due to congestion at ports – unless they ship by air, which is much more expensive."

Whether Apple's suppliers can resume production on time and ship their products out on schedule might not just threaten holiday season inventories, but it could potentially threaten product launches expected to come later this year, particularly the new iPhone 14 and the MacBook Air, both of which are major flagship products for the company.

20 Apr 2022

Google says 2021 was a record year for zero-day hacks

Google's in-house security team has warned that zero-day security threats are becoming a bigger risk than ever before.

In its annual round-up of the zero-day threat landscape, the Google Project Zero team noted that 58 distinct threats were identified in 2021, the biggest number seen since it began investigating back in 2014.

This is up from the 25 exploits discovered in 2020, and nearly double the amount seen for most years covered by the investigation.

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/£10.99.

Zero-day threat

Somewhat dishearteningly, the team noted that methodology used by zero-day attackers doesn't appear to have changed or evolved much from previous years, with the same bug patterns and exploitation techniques still proving popular.

“When we look over these 58 0-days used in 2021, what we see instead are 0-days that are similar to previous & publicly known vulnerabilities,” wrote Google. “We’d expect that to be successful, attackers would have to find new bug classes of vulnerabilities in new attack surfaces using never before seen exploitation methods. In general, that wasn't what the data showed us this year.” 

However, Google does also note that the increase in reported zero-days may actually be a good thing, as it means more threats are being reported and publicly disclosed.

"We perform and share this analysis in order to make 0-day hard," Maddie Stone from the Project Zero team wrote in a blog post announcing the findings. "We want it to be more costly, more resource intensive, and overall more difficult for attackers to use 0-day capabilities."

"2021 highlighted just how important it is to stay relentless in our pursuit to make it harder for attackers to exploit users with 0-days. We heard over and over and over about how governments were targeting journalists, minoritized populations, politicians, human rights defenders, and even security researchers around the world."

"The decisions we make in the security and tech communities can have real impacts on society and our fellow humans’ lives."

Overall, Google says the industry does appear to be improving when it comes to the "detection and disclosure" of zero-day exploits, but it does warn that these are still "baby steps".

The company is calling for a number of steps to boost progress, including establishing an industry standard behavior for all vendors to publicly disclose when there is evidence to suggest that a vulnerability in their product is being exploited. 

Google also says that vendors and security researchers alike should do better at sharing exploit samples or techniques, and more effort is also needed on reducing memory corruption vulnerabilities or rendering them unexploitable. 

20 Apr 2022

Tape storage is anything but dead, it's going from strength to strength

Tape storage is far from obsolete as a new report from the LTO Program has revealed that a record 148 exabytes of tape was shipped last year.

LTO Program Technology Provider Companies HPE and IBM have released their annual tape media shipment report which shows that LTO tape saw an impressive growth rate of 40 percent in 2021.

Although only 105EB of total tape capacity was shipped during the pandemic in 2020 and 114EB (the previous record) was shipped in 2019, last year’s tape shipments broke a new record as organizations tried to cut cloud storage costs when archiving their unstructured data.

GM and VP of HPE Storage, Patrick Osborne provided further insight on the report’s findings in a press release, saying:

“Despite the significant business disruptions and uncertainty in 2021, LTO tape capacity shipments achieved the largest increase since 2006, surpassing the previous record set in 2019. We’re continuing to see organizations return to tape technology, seeking out storage solutions that offer high capacity, reliability, long term data archiving and stronger data protection measures, especially as threats to cybersecurity soar.”

Cyberthreats continue to drive tape adoption

When an organization has its systems infected with malware or its files are locked following a ransomware attack, this can do irreparable harm to its business. While there are proactive measures a company can take to defend against the latest cyberthreats, tape storage prevents sensitive files and documents from being online in the first place.

According to the LTO Program, organizations are increasingly turning to LTO tape technology for increased data protection at a time when ransomware attacks are surging. This is because tape storage offers an inherent air-gap which denies cybercriminals the physical connectivity needed to access, encrypt or delete data.

At the same time, ransomware trends are reinforcing the need for organizations to adopt the 3-2-1-1 backup rule where at least three copies of data are stored on two different storage mediums with one off-site and one offline.

LTO-9 technology is also making it easier for businesses to store more data on a single tape as it features an increased tape cartridge storage capacity of up to 45TB when compressed. LTO-9 drives are even fully backward compatible with LTO-8 cartridges so that organizations can continue using their existing tape storage.

The question now is whether increased adoption of tape storage will continue this year and will the amount of total tape capacity shipped in 2022 surpass last year’s shipments.

20 Apr 2022

AMD RX 6400 quietly released to give low-profile PCs a boost

AMD launched the RX 6400 today without much fanfare as several partners like ASRock, Gigabyte, and MSI listed the new graphics cards with major retailers.

Though it’s a weaker GPU than even the RX 6500 XT – which has received rather lukewarm reviews at best – the RX 6400 is designed for those with a low-profile PC that probably can’t fit much else. It’s a single slot that fits into narrow cases well — coupled with the more affordable price of $159 / AU$213 / £121, and it becomes a decent choice in specific scenarios.

The RX 6400 uses very little power as well, only 53W which is even less than the RX 6500 XT. It also has 12 compute units, lower clock speeds, slower RAM, 128Gbps of bandwidth, and two display outputs. These lower specs make sense considering that the Navi24 GPU that powers it was originally made for laptops.

Analysis: Why budget PCs?

The concept of budget PCs might sound counterintuitive to most PC gamers, as the culture surrounding PC gaming tends to focus on power and speed above all else.

But budget PCs offer a unique experience: you can outfit them with the best cheap processors and the best cheap graphics cards, then enjoy nearly any PC game at lower settings for a fraction of the cost. This also means more money to spend on gaming peripherals instead of PC hardware.

Though it’s difficult to find affordable parts in general thanks to the ongoing supply chain problems, parts such as the AMD RX 6400 are sure to bring the ‘budget’ back to budget PCs. Prebuilt rigs are another option for affordability as well, with prices consistently under $1000.


Find Out More About Us

Want to hire best people for your project? Look no further you came to the right place!

Contact Us